» to7rmqpmyimxef.dll
Overview
Analysis
File Details
Behaviors (1)

to7rmqpmyimxef.dll

The module to7rmqpmyimxef.dll has been detected as a potentially unwanted program by 24 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘NeetoCouponn’. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

to7rmqpmyimxef.dll

MD5:

21d3ebbf15401b49593ce837e04eb562

SHA-1:

4951dc605db29274e20ef7f1717f646e884f0dac

SHA-256:

69c59240cc99e96ea9cda640e3a3f47273376ae37f2c56a503f82c0a7f54ff24

Scanner detections:

24 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/19/2024 4:39:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Zusy.139555

5575765

AhnLab V3 Security

PUP/Win32.MultiPlug

2015.05.29

Avira AntiVirus

TR/Crypt.XPACK.Gen7

8.3.1.6

avast!

Win32:Adware-gen [Adw]

150525-2

AVG

Generic6

2016.0.3095

Baidu Antivirus

Adware.Win32.MultiPlug

4.0.3.15528

Bitdefender

Gen:Variant.Application.Zusy.139555

1.0.20.740

Comodo Security

Application.Win32.AdWare.MultiPlug.VB

22258

Dr.Web

Trojan.Crossrider1.32655

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Application.Zusy.139555

10.0.0.5366

ESET NOD32

Win32/Adware.MultiPlug.KM application

7.0.302.0

Fortinet FortiGate

W32/MultiPlug.FNZ

5/28/2015

F-Secure

Riskware.Gen:Variant.Application.Zusy

5.14.151

G Data

Gen:Variant.Application.Zusy.139555

15.5.25

K7 AntiVirus

Unwanted-Program

13.204.16062

Malwarebytes

PUP.Optional.MultiPlug.A

v2015.05.28.05

McAfee

Program.Multiplug-FNZ

17.6.569.0

MicroWorld eScan

Gen:Variant.Application.Zusy.139555

16.0.0.444

Panda Antivirus

Trj/Genetic.gen

15.05.28.05

Qihoo 360 Security

Win32/Trojan.cb1

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.5.28.17

Rising Antivirus

PE:Packer.Win32.Crypt.ej!1075357707

23.00.65.15526

Sophos

PUA 'MultiPlug' (of type Adware)

5.14

VIPRE Antivirus

Threat.5142409

40552

File size:

797.5 KB (816,640 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\neetocouponn\to7rmqpmyimxef.dll

File PE Metadata

Compilation timestamp:

5/27/2015 12:05:04 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:Bvn7xsOPpT4MZQpZkl+WgfeGmrp42isXSnfxDv4:Bv1PXWpZ6wb2ixp

Entry address:

0x3D4C1

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 32, 62, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 4C, 06, 10, E8, A0, 0B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, D0, 14, 0B, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 18, B4, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

331 KB (338,944 bytes)

Internet Explorer BHO

Display name:

NeetoCouponn

CLSID:

{5E8C170E-028D-4FD0-8FBB-E4FB5E3A7B81}

Remove to7rmqpmyimxef.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.